Information processing device and method for managing history information of information processing device

ABSTRACT

An information processing device includes: an operation processor; a storage in which an initial password being an initial setting of an administrator password is prestored; a logger that logs details of operations inputted using the operation processor, in the storage as operation history information; a password entry monitor that confirms whether or not the administrator password has been entered; a password changer that changes, upon a confirmation that a password differing from the initial password has been entered, the administrator password and stores the entered password as a new administrator password; and a log presenter that presents the operation history information when the administrator password has been changed.

BACKGROUND OF THE INVENTION Field of the Invention

The present invention relates to information processing devices andmethods for managing history information of the information processingdevices, and more particularly to an information processing devicehaving a function of authenticating an administrator using a passwordand a method for managing history information of the informationprocessing device.

Description of the Background Art

Conventional information processing devices, such as personal computers,mobile terminals, and image forming apparatuses, include one that has anauthentication function involving the use of a user-specific ID andpassword, so that only pre-registered users and administrators can usethe information processing device.

For example, Japanese Unexamined Patent Application Publication No.2004-310372 discloses a method for setting a password for userauthentication between a device being used by a user and a communicationterminal that are connected via a network. According to this method, theuser authentication is performed through the user entering a password inthe communication terminal in a case where the password of the user hasbeen already set in the device. In a case where the password of the userhas not been set in the device, the user is requested to set a passwordby entering the password twice in the communication terminal. Thepassword is stored in the device if the password entered for the secondtime matches the password entered for the first time. An applicationscreen is outputted after the user has been successfully authenticated.Thus, the use of the device without setting a password is prevented.

Conventional information processing devices also include one thatrequests an administrator of the information processing device to changean initial administrator password preset in the information processingdevice at the time of the first start-up of the information processingdevice accompanying installation of the information processing device.

Such devices that request the administrator to change the administratorpassword include one that does not allow functions available in theinformation processing device to be executed until the administratorpassword has been changed, in order to prevent an illegitimate use by aperson with a malicious intention.

However, in the case of such conventional information processing devicesas those that request the administrator to change the preset initialadministrator password, it may be impossible to change the administratorpassword right away from the request due to the absence of theadministrator at the time of installation for some reasons.

Conventional information processing devices also include one thatrequests an administrator of the information processing device to changean administrator password and completely prevents the use of theinformation processing device until the password has been changed. Thisis very inconvenient because an installation technician is not allowedto perform an initial setting operation accompanying installation of theinformation processing device, and a user who wishes to use theinformation processing device is not allowed to perform any inputoperation, unless the administrator changes the administrator password.

It may be convenient for general users if the information processingdevice allows not only the administrator but also any general user whowishes to use the information processing device to perform an inputoperation between the first start-up of the information processingdevice and a change of the preset initial administrator password.However, this is not preferable from a security standpoint, because theinformation processing device also allows an illegitimate use by aperson with a malicious intention (for example, theft of informationsaved therein or illegitimate software incursion), and the administratormay not notice the occurrence of the illegitimate use.

The present invention has been made in view of the above-describedcircumstances, and an object of the present invention is to provide aninformation processing device and a method for managing historyinformation of the information processing device, which allow formonitoring of usage of the information processing device between thefirst start-up of the information processing device and a change of apreset initial administrator password, and a later review of the usage,so that an administrator or the like of the information processingdevice can determine, for example, occurrence of an illegitimate use anddetails thereof, and consider countermeasures against the illegitimateuse, if any.

SUMMARY OF THE INVENTION

According to an aspect, the present invention provides an informationprocessing device including: an operation processor; a storage in whichan initial password being an initial setting of an administratorpassword is prestored; a logger that logs details of operations inputtedusing the operation processor, in the storage as operation historyinformation; a password entry monitor that confirms whether or not theadministrator password has been entered; a password changer thatchanges, upon the password entry monitor confirming that a passworddiffering from the initial password has been entered, the administratorpassword and stores the entered password as a new administratorpassword; and a log presenter that presents the operation historyinformation when the password changer has changed the administratorpassword.

In the information processing device, at least an executant, a date, anddetails of an operation are stored in association with one another inthe operation history information stored in the storage.

In the information processing device, the logger logs details ofoperations inputted using the operation processor after the informationprocessing device is started for the first time until the administratorpassword has been changed from the initial password to a differentpassword, in the storage as the operation history information.

The information processing device further includes a display. A passwordchange request screen for requesting that the administrator password bechanged is displayed on the display in a situation in which theadministrator password is unchanged and is still the initial passwordwhen the information processing device is started.

The information processing device further includes a display and apassword authenticator that authenticates the administrator passwordentered. An administrator information setting screen for settinginformation related to an administrator including the administratorpassword is displayed on the display if the password authenticatorconfirms that the entered administrator password and the initialpassword match while the administrator password is unchanged and isstill the initial password, and once the administrator password has beenchanged through the operation processor, the resulting administratorpassword is stored in the storage as a changed password, and the changedpassword is used for authentication of the administrator password to beperformed by the password authenticator.

The information processing device further includes a display thatdisplays information. The log presenter displays the operation historyinformation on the display.

The information processing device further includes an image outputterthat prints information. The log presenter prints out the operationhistory information on printing paper using the image outputter.

The information processing device further includes a communicator thatcommunicates information via a network. The log presenter transmits theoperation history information to another information processing deviceusing the communicator via the network.

According to another aspect, the present invention provides a method formanaging history information of an information processing device. Theinformation processing device includes an operation processor throughwhich a user of the information processing device inputs information anda storage in which an initial password being an initial setting of anadministrator password is prestored. The method includes: loggingdetails of operations inputted using the operation processor, in thestorage as operation history information; confirming whether or not theadministrator password has been entered; changing, upon a confirmationthat a password differing from the initial password has been entered,the administrator password and storing the entered password as a newadministrator password; and presenting the operation history informationwhen the administrator password has been changed.

According to the present invention, details of operations inputted usingthe operation processor are logged and stored in the storage as theoperation history information, and the operation history information ispresented when the password changer has changed the administratorpassword. Usage of the information processing device is thus storedbetween the first start-up of the information processing device and achange of the preset initial administrator password. The presentedoperation history information enables the administrator or the like ofthe information processing device to review the usage of the informationprocessing device later, to determine occurrence of, for example, anillegitimate use and details thereof, and to consider countermeasuresagainst the illegitimate use, if any.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a configuration of an example ofan image forming apparatus according to the present invention.

FIG. 2 is an explanatory diagram showing examples of information storedin a storage according to the present invention.

FIG. 3 is an explanatory diagram showing examples of information storedin the storage according to the present invention.

FIG. 4 is an explanatory diagram showing an example of an initialsetting menu screen displayed on a display according to the presentinvention.

FIG. 5 is an explanatory diagram showing an example of the initialsetting menu screen displayed on the display according to the presentinvention.

FIG. 6 is an explanatory diagram showing an example of an administratorsetting menu screen displayed on the display according to the presentinvention.

FIG. 7 is an explanatory diagram showing an example of an administratorpassword entry screen displayed on the display according to the presentinvention.

FIG. 8 is an explanatory diagram showing an example of an administratorinformation setting screen displayed on the display according to thepresent invention.

FIG. 9 is an explanatory diagram showing an example of a passwordmismatch warning screen displayed on the display according to thepresent invention.

FIG. 10 is a flowchart showing an example of a logging process accordingto the present invention.

FIG. 11 is a flowchart showing an example of a password changing processaccording to the present invention.

FIG. 12 is a flowchart showing an example of the password changingprocess according to the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The following describes embodiments of the present invention withreference to the accompanying drawings. Note that the present inventionis not limited to the embodiments described below.

The present invention relates to information processing devices.Information processing devices include various devices such as personalcomputers, communication devices, display devices, and image formingapparatuses. The embodiments described below are applicable to any ofthese information processing devices.

Among the information processing devices, the following describes, as anembodiment, an image forming apparatus that receives input of a documentcontaining information such as images, graphics, and characters, andthat has functions such as a printing function.

Configuration of Image Forming Apparatus

FIG. 1 is a block diagram illustrating a configuration of an example ofan image forming apparatus according to the present invention.

An image forming apparatus (also referred to below as a multifunctionperipheral (MFP)) 1 processes image data. Examples thereof include anelectronic apparatus having functions such as a copying function, aprinting function, a document reading (scanning) function, a documentediting function, a document saving function, a document transmitting(faxing, FAX) function, and a communication function.

The image forming apparatus 1 according to this embodiment of thepresent invention is described as having, in particular, a printingfunction and a document reading (scanning) function. However, the imageforming apparatus 1 may have other functions.

In FIG. 1, the image forming apparatus (MFP) 1 according to the presentinvention mainly includes a controller 11, an operation processor 12, adisplay 13, an image processor 14, a communicator 18, a logger 21, apassword entry monitor 22, a password authenticator 23, a passwordchanger 24, a log presenter 25, and a storage 50.

The image processor 14 mainly includes an image inputter 15, an imageformer 16, and an image outputter 17.

The controller 11 is a component that controls operation of eachconstituent such as the operation processor and the image processor, andis implemented by a microcomputer that mainly includes a centralprocessing unit (CPU), read-only memory (ROM), random-access memory(RAM), an input/output (I/O) controller, a timer, and the like.

The CPU organically operates various types of hardware based on acontrol program prestored in the ROM or the like, and executes functionsaccording to the present invention, such as an image forming functionand a logging function.

The CPU executes, based on a predetermined program, processing in eachof the following function blocks among the constituents mentioned above:the logger 21, the password entry monitor 22, the password authenticator23, and the password changer 24.

The operation processor 12 is an input device for a user of the imageforming apparatus to input information. A predetermined input operationfor operating the image forming apparatus is performed through theoperation processor 12. For example, the operation processor 12 is acomponent through which information such as characters is inputted, anda function is selected and inputted. A keyboard, a mouse, a touch panel,and the like are usable as the operation processor 12.

Examples of keys to be operated by the user include an operation startkey, a function selection key, and a setting key.

For example, the user operates the touch panel and enters a start keyfor a reading operation to execute a copying function and anadministrator setting function.

Through the administrator setting function, in particular, the useroperates the touch panel and enters a predetermined selection key tochange administrator passwords, register users who use the image formingapparatus, and set up information for connection to a network.

The display 13 is a component that displays information. The display 13displays information necessary for executing each function, results ofthe execution of the function, and the like in order to notify the userof such information. For example, in a case where a liquid crystaldisplay (LCD), an organic electroluminescence (EL) display, or the likeis employed as the display 13, and a touch panel is employed as theoperation processor 12, the display 13 and the touch panel are stackedon one another.

On the display 13, for example, configuration of settings to be used forprinting and the like by the image forming apparatus, informationnecessary for executing a function such as a document reading function,an operation screen for a selected function, a password entry screen, anadministrator information setting screen, and the like are displayedusing characters, symbols, graphics, still images, icons, animation,moving images, and the like.

In particular, according to the present invention, a password changerequest screen for requesting that an administrator password be changedis displayed on the display 13 as described below in a situation inwhich the administrator password is unchanged and is still an initialpassword when the information processing device is started.

The image processor 14 is a component that executes the image formingfunction, which is a main function of the image forming apparatus. Theimage processor 14 mainly includes the image inputter 15, the imageformer 16, and the image outputter 17.

The image inputter 15 is a component that mainly inputs predeterminedimage data. The image former 16 is a component that mainly converts theinputted image data to form information such as printable information.The image outputter 17 is a component that mainly outputs the formedinformation such as printable information on printing paper or the like.

The image inputter 15 is a component that inputs image data of adocument containing images, characters, graphics, or the like. Forexample, the image inputter 15 reads a document placed on a documenttable or the like.

A scanner (reading device) that reads a document containing informationis used as the image inputter 15.

In order to read documents, the image forming apparatus 1 includes atable on which a document is placed (document table) and a documentcover for holding the document.

The image forming apparatus 1 may further include an automatic documentfeeder (ADF) that receives a plurality of sheets of document placedthereon and reads the document while automatically conveying thedocument one sheet at a time.

In this case, the document containing images or the like is read by thescanner, and resulting image data of the document is stored in thestorage 50.

Various methods are available for inputting image information.

For example, an interface for connecting an external storage medium suchas a USB flash drive is applicable to the image inputter 15.

Electronic data files containing image information and the like to inputmay be saved in an external storage medium such as a USB flash drive,and the storage medium such as a USB flash drive may be connected to aninput interface such as a USB terminal. A desired electronic data filemay be then read out of the storage medium such as a USB flash drive andstored in the storage 50 as input image data through a predeterminedinput operation performed using the operation processor 12.

For printing the input image data on a recording medium, for example,the image former 16 typically forms an image based on the input imagedata on the recording medium by performing the following processes insequence: charging, irradiation, development, image transfer, cleaning,static elimination, and fixing.

In the development process, a toner is supplied from a toner cartridgeto a developing device, an electrostatic latent image formed on acharged surface of a photosensitive drum is developed, and thus a tonerimage corresponding to the electrostatic latent image is formed. Thetoner image formed on the surface of the photosensitive drum istransferred onto the recording medium by a transfer device, and thenheated and fixed onto the recording medium by a fixing device.

The image former 16 also converts the input image data to information ina form that can be transferred or displayed.

The image outputter 17 is a component that outputs input image dataformed and is, for example, equivalent to a printer that printsinformation such as input image data. The image outputter 17 prints, onpredetermined printing paper (paper medium), input image data obtainedby reading a document.

However, outputting input image data is not limited to printing, and mayinclude, for example, storing input image data obtained by scanning adocument and faxing input image data obtained by scanning a document.

For example, storing input image data obtained by reading a document inan external storage medium such as a USB flash drive, transmitting inputimage data to another information processing device or a server via anetwork such as the Internet, and classifying and saving input imagedata into a specific save folder are also outputting image data.

The communicator 18 is a component that communicates information via anetwork. The communicator 18 performs data communication with anotherinformation processing device.

For example, the communicator 18 receives an electronic data filetransferred from an information processing device such as a personalcomputer, a mobile terminal, or a server.

The communicator 18 also transfers input image data generated by theimage forming apparatus 1 according to the present invention to anexternal storage device (such as a USB flash drive) connected to theimage forming apparatus 1, or transmits, via the network, such inputimage data to an information processing device such as a server or apersonal computer owned by a user who has inputted a document.

As the network, any existing communications networks including a localarea network (LAN) and a wide area network such as the Internet areusable, and both wired and wireless communication methods may be used.

As described below, in order for an administrator of the image formingapparatus to determine occurrence of an illegitimate use and the like,details of operations (operation history information) stored in thestorage 50 may be transmitted to an information processing device suchas a personal computer owned by the administrator.

The logger 21 is a component that logs details of operations inputtedinto the image forming apparatus using the operation processor 12, inthe storage 50 as operation history information.

For example, details of operations performed by the administratorincluding an operation for changing the administrator password and anoperation for registering a user, and operations by a user including anoperation for executing a function such as a copying function, a loginoperation, an operation for inputting image data, and an operation fortransferring image data are logged and stored in the storage 50.

Details of operations are sequentially logged in chronological order asoperation history information 51 such as shown in FIG. 3 describedbelow. Details of each operation is associated with the name of the userwho performed the operation (user name) and the date when the operationwas performed. The operation history information 51 may also be referredto below as log information.

Details of operations may be classified according to operationexecutant, operation type, and the like, and may include, for example,operation items indicating classifications and operation settinginformation corresponding to what was actually done through theoperation, which comes under the operation items.

For example, in a case where the administrator of the image formingapparatus logged into the image forming apparatus by entering theadministrator's ID and password on Oct. 1, 2019, the followinginformation is added to the operation history information. That is, auser name: “administrator”, a date: “Jan. 10, 2019”, an operation itemas a detail of the operation: “administrator setting”, and operationsetting information as a detail of the operation: “login (ID, password)”are stored in association with one another.

For another example, in a case where a user 01 registered with the imageforming apparatus logged into the image forming apparatus, and then senta fax to a recipient's fax number “06-1234-5678” on Feb. 3, 2020, thefollowing information is added to the operation history information.That is, a user name: “user 01”, a date: “Mar. 2, 2020”, an operationitem as a detail of the operation: “user operation”, and operationsetting information as a detail of the operation: “faxing(06-1234-5678)” are stored in association with one another.

For example, the logger 21 may log details of all operations that areperformed after the power of the image forming apparatus is turned onand until the power is turned off.

In order to allow for later determination of occurrence of anillegitimate use upon installation of the image forming apparatus, inparticular, the logger 21 according to the present invention preferablylogs details of all operations that are inputted using the operationprocessor 12 after the first start-up of the image forming apparatusuntil a change of the administrator password from an initial password toa different password, in the storage 50 as the operation historyinformation 51.

The initial password is an initial setting of the administrator passworddescribed below, which is an administrator password (initial passwordKPW0) set and stored in the storage 50 prior to installation of theimage forming apparatus.

The password entry monitor 22 is a component that confirms whether ornot the administrator password has been entered. Upon entry of theadministrator password, the password entry monitor 22 stores the enteredpassword as an input password (INPW) 54 described below.

For the confirmation as to whether or not the administrator password hasbeen entered, for example, an operation for displaying an administratorpassword entry screen is performed, and whether or not any informationhas been entered in a password entry field on the administrator passwordentry screen being displayed is determined.

The entered administrator password (input password INPW) is comparedagainst, for example, the initial password KPW0 for administratorauthentication.

The password authenticator 23 is a component that authenticates theentered administrator password.

The initial password KPW0 is preset and prestored as the administratorpassword. The password authenticator 23 checks whether or not theentered administrator password and the initial password KPW0 match whilethe administrator password is unchanged and is still the initialpassword KPW0.

The initial password KPW0 is stored as-is as a changed password KPW1described below before the administrator password is changed.

In this case, for the authentication of the administrator password, thepassword authenticator 23 checks whether or not the enteredadministrator password (input password INPW) and the changed passwordKPW1 match.

If the input password INPW and the changed password KPW1 match, theauthentication of the administrator password is determined to besuccessful. If the input password INPW and the changed password KPW1 donot match, the authentication of the administrator password isdetermined to be unsuccessful.

Once the administrator password has been changed, a password differingfrom the initial password KPW0 is stored as the changed password KPW1.

The authentication of the administrator password is determined to besuccessful if a legitimate administrator has changed the administratorpassword, and the legitimate administrator who has changed theadministrator password enters, as the input password INPW, the samepassword as the changed password KPW1.

The authentication of the administrator password is determined to beunsuccessful if the administrator password has been changed, and anadministrator or an illegitimate user who does not know about the changeof the administrator password enters, as the input password INPW, thesame password as the initial password KPW0.

According to the present invention, the administrator password ischanged after the authentication of the administration password isdetermined to be successful.

In a case where the password authenticator 23 confirms that the enteredadministrator password INPW and the initial password KPW0 match whilethe administrator password is unchanged and is still the initialpassword KPW0, for example, the administrator information setting screenfor setting information related to the administrator including theadministrator password is displayed on the display 13.

Thereafter, once the administrator password has been changed through theoperation processor 12, the resulting administrator password is storedin the storage 50 as the changed password KPW1.

The changed password KPW1 is used for the authentication of theadministrator password to be performed by the password authenticator 23.

The password changer 24 is a component that changes the administratorpassword.

Upon the password entry monitor 22 confirming that a password differingfrom the initial password has been entered, the password changer 24changes the administrator password and stores the entered password as anew administrator password.

In a case where a new administrator password is entered as an item ofadministrator information on the administrator information settingscreen for administrator setting such as described below, for example,the entered new administrator password is stored as the changed passwordKPW1.

Details of such an operation for changing the administrator password isstored by being added to the operation history information uponexecution thereof.

The log presenter 25 is a component that presents the operation historyinformation stored in the storage 50.

In particular, the log presenter 25 presents the operation historyinformation when the password changer 24 has changed the administratorpassword.

The log presenter 25 can present the operation history information byvarious methods.

For example, as described below, the log presenter 25 presents theoperation history information to the administrator by displaying thedetails of the operations stored in the storage 50 on the display 13.

The log presenter 25 may alternatively present the operation historyinformation to the administrator by printing out the details of theoperations stored in the storage 50 on printing paper using the imageoutputter 17.

The log presenter 25 may alternatively present the operation historyinformation to the administrator by transmitting the details of theoperations stored in the storage 50 to another information processingdevice (for example, transmission to a personal computer owned by theadministrator or transmission to the administrator's e-mail address)using the communicator 18 via the network.

The storage 50 is a component that stores information and programsnecessary to implement the various functions of the image formingapparatus according to the present invention. For the storage 50,semiconductor storage devices such as ROM, RAM, and flash memory, andstorage devices such as a hard disk drive (HDD) and a solid state drive(SSD), and other storage media are usable.

The operation history information 51, an initial password 52, a changedpassword 53, an input password 54, a password flag 55, and logpresentation method information 56, for example, are stored in thestorage 50.

Note here that the initial password (KPW0) 52, the changed password(KPW1) 53, and the input password (INPW) 54 are each an administratorpassword.

The administrator password refers to a password to be entered by theadministrator of the image forming apparatus when the administrator logsinto the image forming apparatus.

FIGS. 2 and 3 are explanatory diagrams showing examples of informationstored in the storage 50.

FIG. 2 shows examples of the administrator password (initial password52, changed password 53, input password 54), the password flag 55, andthe log presentation method information 56.

FIG. 3 shows an example of the operation history information 51.

The operation history information 51 refers to information (loginformation) obtained by storing a history of details of operationsinputted using the operation processor 12 of the image formingapparatus.

The history of details of operations is for a later review by theadministrator or the like of the image forming apparatus, so thatoccurrence of an illegitimate use is determined based on the history.

Therefore, information necessary for determining occurrence of anillegitimate use is stored as the operation history information 51.

The operation history information 51 shown in FIG. 3 includes fivepieces of history information, which are respectively given historynumbers 1 to 5.

Names of operation executants (user names), dates, and details ofoperations including operation items and operation setting informationare stored in an associated manner as the operation history information51 shown in FIG. 3.

For example, the history information given history number 1 indicatesthat an administrator having a user name “administrator KA” performed aninput operation for an operation item “administrator setting” on a date“18 Sep. 2019, 14:55:30”, and a user having a name “user 22” wasadditionally registered through the input operation.

For another example, the history information given history number 3indicates that a registered user having a user name “user 01” performedan input operation for an operation item “user operation” on a date “19Sep. 2019, 12:20:38”, and a function referred to as “faxing” to adestination fax number “06-1234-5678” was executed through the inputoperation.

For another example, the history information given history number 5indicates that the administrator having a user name “administrator KA”performed an input operation for an operation item “administratorsetting” on a date “21 Sep. 2019, 18:50:47”, and a function referred toas “displaying registered user list” for checking users registered withthe image forming apparatus was executed through the input operation.

The operation history information shown in FIG. 3 is merely an example,and the present invention is not limited thereto.

For example, the operation items include “guest user operation” for anunregistered and unauthorized user, in addition to “administratorsetting” and “user operation”.

Furthermore, the operation setting information include, for example,“registering destination IP address”, “scan transmission”, “printing”,“copying”, and “saving to external storage”, in addition to “useraddition” and “faxing”.

The administrator of the image forming apparatus can find out whether ornot the image forming apparatus was used illegitimately, or whether ornot a registered user performed a setting change or a function that areprohibited at the time of the first start-up of the image formingapparatus, by checking the operation history information 51 such asshown in FIG. 3.

The initial password (KPW0) 52, which is an administrator password,refers to a password being an initial setting prestored in the storage50 of the image forming apparatus.

The initial password (KPW0) 52 is, for example, stored in the storage 50before shipment of the image forming apparatus.

For the first start-up following installation of the image formingapparatus according to the present invention, an installation technicianor an administrator trying to perform initial setting-up work isrequired to log into the image forming apparatus by entering theadministrator password.

The administrator password to be entered at the time of the login forthe first start-up is the initial password (KPW0) 52.

The installation technician or the administrator can, for example, beginthe installation work and the initial setting-up work by entering theinitial password 52 on an initial setting menu screen.

For a plurality of image forming apparatuses, the same password may beset as the initial password (KPW0) 52 for each type of the image formingapparatuses, or different unique passwords may be set for each of theimage forming apparatuses.

However, the initial password KPW0 needs to be publicly available inorder to allow any installation technicians or administrators whoinstall the image forming apparatuses to perform initial setting andmaintenance work.

As long as the initial password KPW0 is publicly available, even aperson scheming for an illegitimate use can know the initial passwordKPW0. Consequently, for example, an illegitimate user can log in usingthe initial password KPW0 and acquire information stored in the imageforming apparatus or install software for an illegitimate use on theimage forming apparatus.

In the cases where the initial password KPW0 prestored in the imageforming apparatus is publicly available, therefore, the administratorpassword needs to be changed from the initial password KPW0 to adifferent password as soon as possible once the initial setting-up workis done, in order to prevent an illegitimate use by an illegitimateuser.

The initial password KPW0 may be deleted after the administratorpassword has been changed. However, for an occasion when the imageforming apparatus is reset to factory settings, the initial passwordKPW0 may be permanently kept stored without being deleted.

The changed password (KPW1) 53 refers to a password stored in thestorage 50 after the administrator password has been changed.

In a case where “KANNEW1” differing from the initial password KPW0 isentered as a new password to change the administrator password, forexample, “KANNEW1” is stored as the changed password (KPW1) 53.

Note that the same password as the initial password KPW0 is prestored asan initial setting of the changed password (KPW1) 53.

Once a password differing from the initial password KPW0 has been storedas the changed password KPW1, the changed password KPW1 is used as theadministrator password from then on.

The input password (INPW) 54 refers to a password entered by theadministrator when the administrator logs into the image formingapparatus.

For example, a request to enter the administrator password is made whenthe installation technician or the administrator logs in on the initialsetting menu screen to begin installation work and initial setting-upwork, and a password entered in response to the request is stored as theinput password (INPW) 54. As administrator login authentication at thetime of the first start-up of the image forming apparatus, this inputpassword INPW is compared against the initial password KPW0, and theauthentication is determined to be successful if these passwords match.

After the administrator password has been changed, the input passwordINPW is compared against the changed password KPW1, and theauthentication is determined to be successful if these passwords match.

FIG. 2 shows examples of the administrator password (initial passwordKPW0, changed password KPW1, input password INPW).

In the case shown in FIG. 2, KANOLD0 is stored as the initial passwordKPW0, KANNEW1 is stored as the changed password KPW1, and KANNEW1 isstored as the input password INPW.

The input password INPW is compared against the changed password KPW1since KANNEW1 differing from the initial password KPW0 is stored as thechanged password KPW1. Accordingly, the administrator loginauthentication is determined to be successful if the input password INPWis KANNEW1 that matches the changed password KPW1.

The password flag 55 is information for checking whether or not theadministrator password has been changed.

For example, as shown in FIG. 2, “T” is set and stored as the passwordflag (PWFLG) 55 if the administrator password has been changed, and “F”is set and stored as the password flag (PWFLG) 55 if the administratorpassword has not been changed.

As described above, “F” is set and stored as the password flag PWFLG ifthe same password as the initial password KPW0 is still stored as thechanged password KPW1.

If a password differing from the initial password KPW0 is stored as thechanged password KPW1, “T” is set and stored as the password flag PWFLG.

The log presentation method information 56 refers to informationindicating a method set for presenting the operation history information(log information) to the administrator of the image forming apparatus.

The operation history information (log information) is presented to theadministrator by the method set as the log presentation methodinformation 56.

Examples of methods for presenting the operation history information(log information) include displaying, printing, and data communicationas shown in FIG. 2. Any one of the presentation methods may be set andstored as the log presentation method information 56.

The operation history information (log information) is displayed on thedisplay 13 of the image forming apparatus if “displaying” is set andstored as the log presentation method information 56.

The operation history information (log information) is printed out onpredetermined printing paper using the image outputter 17 of the imageforming apparatus if “printing” is set and stored as the logpresentation method information 56.

The operation history information (log information) is transmitted to apersonal computer or a mobile terminal owned by the administrator, or toan information processing device such as a management server using thecommunicator 18 if “data communication” is set and stored as the logpresentation method information 56.

Note that the method for presenting the operation history information(log information) is not limited to the three methods described above,and other presentation methods such as faxing or a social networkservice may be employed.

Example of Logging Process

The following describes an example of a process for logging a history ofinput operations (logging process) by the logger 21.

Input operations are to be performed by an administrator, a user, amaintenance technician, or the like of the image forming apparatus.

However, a person who schemes for an illegitimate use (referred to belowas an illegitimate user) can perform an input operation by impersonatinga legitimate administrator between when the image forming apparatus isstarted for the first time since installation thereof (first start-up)and when the administrator password has been changed.

In order to allow for a later review of usage of the image formingapparatus and determination of occurrence of an illegitimate use by theadministrator, therefore, all input operations performed on the imageforming apparatus after the first start-up of the image formingapparatus shall be logged regardless of who performed the inputoperations.

As described above, details of the input operations are stored by beingadded to the operation history information 51.

FIG. 10 shows a flowchart of an example of the logging process.

In step S1 in FIG. 10, the operation processor 12 checks whether or notan input operation has been performed.

For example, whether or not an input operation using a keyboard, amouse, a touch panel, or the like has been performed is checked.

The process advances to step S3 if it is determined in step S2 that aninput operation has been performed. Otherwise, the process returns tostep S1.

In step S3, details of the input operation are acquired.

For example, which key has been entered and what has been selected usingthe mouse or the touch panel are acquired.

The details of the input operation include, for example, the operationitem and the operation setting information as described above.

In step S4, a user name of the user who performed the input operationand a date when the input operation was performed are acquired.

For example, an ID can be acquired as the user name, because inprinciple, the administrator of the image forming apparatus andregistered users log into the image forming apparatus through anauthentication process using an ID and a password.

In a case where an unknown user performed the input operation, “unknownuser” may be acquired as the user name.

A date and time (year, month, day, hour, minute, second) when an inputusing a key or the like was performed can be acquired as the date.

In step S5, the thus acquired details of the input operation, the username, and the date are associated with one another and stored by beingadded to the operation history information 51.

Note that the information that is stored as the operation historyinformation is not limited to those described above. For example,information necessary for reviewing usage of the image forming apparatussuch as log information of touch operations (touch locations) or keyoperations may be stored.

Example of Password Changing Process

The following describes an example of a process related to theadministrator password (monitoring of entry of the administratorpassword, authentication of the administrator password, changing of theadministrator password).

FIGS. 11 and 12 show flowcharts of an example of a password changingprocess.

In step S31 in FIG. 11, in response to the power of the image formingapparatus being turned on, the controller 11 starts various types ofhardware so that main functions of the image forming apparatus can beexecuted.

In step S32, the controller 11 checks the password flag PWFLG.

For example, as described above, the controller 11 checks whether PWFLGis “T” (changed) or “F” (unchanged) in step S32.

The process advances to step S35 if it is determined in step S33 thatthe password flag PWFLG is “F” (unchanged). Otherwise (PWFLG=“T”:changed), the process advances to step S34.

In step S34, the initial setting menu screen is displayed on the display13.

FIG. 4 is an explanatory diagram showing an example of the initialsetting menu screen displayed on the display.

This initial setting menu screen is displayed if the administratorpassword has been changed.

On this screen, for example, selectable functions (copying, scanning,administrator setting, and the like) and the following message aredisplayed: “Select a function to execute.”

The administrator or a user can perform an input operation for selectinga function to execute while viewing this screen.

In step S35, the initial setting menu screen including a request to setthe administrator password is displayed on the display 13.

FIG. 5 is an explanatory diagram showing an example of the initialsetting menu screen displayed on the display.

This initial setting menu screen is displayed if the administratorpassword has not been changed.

On this screen, for example, a selection area “administrator setting”and the following message are displayed: “The administrator password hasnot been changed. Select ‘administrator setting’ and change theadministrator password.”

In the case of the administrator, the administrator can perform an inputoperation for selecting “administrator setting” while viewing thisscreen.

In the case of a user who is not the administrator, however, the userselects, for example, a selection area “cancel”.

In response to “cancel” being selected, for example, the initial settingmenu screen illustrated in FIG. 4 may be displayed.

In step S36, the operation processor 12 checks whether or not an inputoperation has been performed.

The process advances to step S38 if it is determined in step S37 that aninput operation for selecting “administrator setting” has beenperformed. Otherwise, the process returns to step S32.

Since only the process related to the administrator password isdescribed here, the process is described as returning to step S32 if anyother selection area than “administrator setting” has been selected.Normally, however, the selection of a selection area is followed byexecution of the selected function. Functions other than “administratorsetting” will be omitted here.

In step S38, an administrator setting menu screen is displayed on thedisplay 13.

FIG. 6 is an explanatory diagram showing an example of the administratorsetting menu screen displayed on the display.

In FIG. 6, for example, selection areas for some functions related to“administrator setting” and the following message are displayed: “Selecta function to execute.”

Examples of functions related to “administrator setting” include “userregistration”, “changing administrator password”, “displaying userlist”, and “network connection setting” as shown in FIG. 6.

However, the functions related to “administrator setting” are notlimited to these functions. For example, other functions such as “energysaving setting”, “copier setting”, “fax setting”, “scanner setting”, and“printer setting” may be displayed as functions related to“administrator setting”.

The administrator can perform an input operation for selecting afunction to execute while viewing this screen.

The following flow describes the case where “changing administratorpassword” is selected and inputted from among the displayed functions.

In step S39, whether or not “changing administrator password” has beenselected and inputted is checked.

The process advances to step S41 if it is determined in step S40 that“changing administrator password” has been inputted. Otherwise, theprocess returns to step S38.

Note that selection of another function is followed by execution of theselected function, but description thereof will be omitted here.

In step S41, the administrator password entry screen is displayed on thedisplay 13.

FIG. 7 is an explanatory diagram showing an example of the administratorpassword entry screen displayed on the display.

In FIG. 7, for example, a display area for entering “administratorpassword” and the following message are displayed: “Enter theadministrator password.”

The administrator can enter the unchanged administrator password whileviewing this screen.

The initial password KPW0 is entered if the administrator password hasnever been changed.

The same password as the password stored as the changed password KPW1 isentered if the administrator password has been changed.

After the password has been entered, a display area “OK” is selected andinputted to confirm the entry of the password.

The process advances to step S43 if it is determined in step S42 thatthe administrator password has been entered. Otherwise, the processreturns to step S41.

In step S43, the entered administrator password is stored as the inputpassword INPW.

In step S44, the entered administrator password (input password INPW) iscompared against the changed password KPW1.

If the administrator password has never been changed and the samepassword as the initial password KPW0 being an initial setting is storedas the changed password KPW1, the input password INPW is comparedagainst the initial password KPW0.

If the input password INPW and the changed password KPW1 match in stepS45, the process advances to step S51 in FIG. 12.

If the input password INPW and the changed password KPW1 do not match,the process advances to step S46.

If the passwords do not match, which means that the administratorauthentication is unsuccessful, a warning screen is displayed on thedisplay 13 in step S46, indicating that the administrator password isincorrect and the administrator authentication is unsuccessful.

After the warning screen has been displayed, the process ends oradvances to a request for a re-entry of the correct administratorpassword.

FIG. 9 is an explanatory diagram showing an example of a passwordmismatch warning screen displayed on the display.

On the administrator password mismatch warning screen in FIG. 9, forexample, a display area for entering “administrator password” and thefollowing message are displayed: “The administrator password has alreadybeen changed. Enter the correct administrator password.”

The process may then return to step S42 upon the administrator passwordbeing re-entered.

In step S51 in FIG. 12, the administrator information setting screen isdisplayed on the display 13.

FIG. 8 is an explanatory diagram showing an example of the administratorinformation setting screen displayed on the display.

The administrator enters the new administrator password changed from theinitial password while viewing this screen.

On the administrator information setting screen in FIG. 8, for example,display areas for inputting administrator information including theadministrator password and the following message are displayed: “Enteradministrator information.”

FIG. 8 shows a case where the new administrator password (new password),the administrator's e-mail address (e-mail), and the administrator'stelephone number are entered as the administrator information.

However, the administrator information is not limited to these items ofinformation. For example, age, department name, employee ID, socialnetwork service account may also be inputted.

After the new password and the like have been inputted, a display area“OK” is selected and inputted to confirm the entry of the administratorinformation.

The process advances to step S53 if it is determined in step S52 thatthe new password and the like have been entered. Otherwise, the processreturns to step S51.

In step S53, the entered new password INPW is stored as the changedpassword KPW1.

In step S54, the password flag PWFLG is set to “T” indicating that thepassword has been changed (PWFLG =T).

In step S55, the operation history information 51 is read out of thestorage 50.

The process advances to step S57 if it is determined in step S56 thatsome information is stored as the log presentation method information56. Otherwise, the process advances to step S60.

In step S57, the log presentation method information 56 is read.

In step S58, the log presenter 25 presents the operation historyinformation 51 based on the read log presentation method information 56.

For example, the operation history information 51 such as shown in FIG.3 is displayed on the display 13 if “displaying” is stored as the logpresentation method information 56.

For another example, the operation history information 51 is printed outon predetermined printing paper using the image outputter 17 if“printing” is stored as the log presentation method information 56.

For another example, the operation history information 51 is transmittedto a preregistered specific destination information processing devicesuch as a personal computer owned by the administrator using thecommunicator 18 if “data communication” is stored as the logpresentation method information 56.

The process ends if it is determined in step S59 that the administratorhas performed an input meaning an instruction to end the logpresentation (log presentation end input). Otherwise, the processreturns to step S58.

In step S60, a log presentation method selection screen is displayed onthe display 13 since the log presentation method information 56 has notbeen set.

On the log presentation method selection screen, for example, selectionareas for a plurality of log presentation methods such as “displaying”,“printing”, and “data communication” are displayed, so that theadministrator selects a desired presentation method.

The process advances to step S62 if it is determined in step S61 thatthe administrator has selected and inputted a log presentation method.Otherwise, the process returns to step S60.

In step S62, the selected log presentation method is stored as the logpresentation method information 56. Thereafter, the process advances tostep S58.

Embodiments of Changing Administrator Password and Presenting OperationHistory Information

The following describes an embodiment in which the administratorpassword is changed, and subsequently the operation history informationis presented.

In the following embodiment, the operation history informationpresentation method is “displaying”.

Embodiment 1

As Embodiment 1, a case is described where the legitimate administratorchanges the administrator password from the initial password KPW0 to adifferent password.

Operation 01:

An installation technician of the image forming apparatus installs theimage forming apparatus and performs an initial setting operationaccompanying the installation.

At this point, the administrator password is still the preset initialpassword KPW0, and the changed password KPW1 is also the preset initialpassword KPW0.

The installation technician can log into the image forming apparatususing, for example, the known initial password KPW0 and perform theinitial setting operation accompanying the installation.

This initial setting operation is stored as an “operation 01” by beingadded to the operation history information 51.

Operation 02:

A registered user performs an operation for executing a specificfunction of the image forming apparatus before the administrator of theimage forming apparatus changes the administrator password.

If the administrator of the image forming apparatus has alreadyregistered information of this user, the user can log into the imageforming apparatus using the registered information.

This operation performed by the user for executing the specific functionis stored as an “operation 02” by being added to the operation historyinformation 51.

Operation 03:

The administrator of the image forming apparatus performs an operationfor changing the administrator password.

For example, as shown in FIG. 8, the administrator enters a new passworddiffering from the initial password KPW0. The entered new password isstored as the changed password KPW1.

This operation for changing the administrator password is stored as an“operation 03” by being added to the operation history information 51.

Action of the Image Forming Apparatus:

Since the administrator password has been changed through the operation03, the operation history information 51 is presented as in step S58 inFIG. 12.

The operation history information 51 now includes at least the threeoperations described above (operations 01 to 03), and thus these threeoperations are displayed.

The operation history information 51 may be automatically displayedwhenever the administrator password is changed.

Alternatively, the operation history information 51 may be displayed inresponse to the administrator performing a specific operation (operationfor requesting that the operation history information 51 be displayed).

The administrator can check operations and functions inputted andexecuted between the installation of the image forming apparatus and thechange of the administrator password by viewing the displayed operationhistory information 51.

For example, the administrator can determine whether or not anillegitimate operation has been performed by viewing the operationhistory information 51 such as shown in FIG. 3 and checking the detailsof the operations.

If no illegitimate operation is found, the administrator does not needto take any special action.

If any illegitimate operation is found, the administrator can analyzethe illegitimate operation and consider necessary countermeasures.

Embodiment 2

As Embodiment 2, a case is described where a registered legitimate userperforms a specific operation, and thereafter the administrator changesthe administrator password from the initial password KPW0 to a differentpassword.

The specific operation refers to a setting operation predetermined bythe administrator, which is not an illegitimate operation but anoperation or a function that the administrator does not want any user toperform before the administrator password is changed (referred to belowas a prohibited operation).

Examples of prohibited operations include an operation for transmittingimage data stored in the image forming apparatus to another informationprocessing device, an operation for faxing such image data, an operationfor saving such image data in an external storage, and an operation fore-mailing such image data.

These operations or functions have the potential for information leakageand an illegitimate use.

The prohibited operations may be preset and prestored in the storage 50of the image forming apparatus by the administrator or an installationtechnician.

Operation 01:

As in the case of Embodiment 1, an installation technician of the imageforming apparatus installs the image forming apparatus and performs aninitial setting operation accompanying the installation.

At this point, the administrator password is still the preset initialpassword KPW0, and the changed password KPW1 is also the preset initialpassword KPW0.

The installation technician can log into the image forming apparatususing, for example, the known initial password KPW0 and perform theinitial setting operation accompanying the installation.

This initial setting operation is stored as an “operation 01” by beingadded to the operation history information 51.

Operation 02:

As in the case of Embodiment 1, a registered user performs an operationfor executing a specific function of the image forming apparatus beforethe administrator of the image forming apparatus changes theadministrator password.

If the administrator of the image forming apparatus has alreadyregistered information of this user, the user can log into the imageforming apparatus using the registered information.

This operation performed by the user for executing the specific functionis stored as an “operation 02” by being added to the operation historyinformation 51.

In Embodiment 2, the operation 02 is a “faxing operation”, which is aprohibited operation.

In this case, “faxing operation” is stored as one of details ofoperations in the operation history information 51.

Operation 03:

The administrator of the image forming apparatus performs an operationfor changing the administrator password.

For example, as shown in FIG. 8, the administrator enters a new passworddiffering from the initial password KPW0. The entered new password isstored as the changed password KPW1.

This operation for changing the administrator password is stored as an“operation 03” by being added to the operation history information 51.

Action of the Image Forming Apparatus:

Since the administrator password has been changed through the operation03, the operation history information 51 is presented as in step S58 inFIG. 12.

The operation history information 51 now includes at least the threeoperations described above (operations 01 to 03), and thus these threeoperations are displayed.

In Embodiment 2, the displayed operation history information 51 includesthe “faxing operation” being a prohibited operation.

The administrator can find that the “faxing operation” being aprohibited operation was performed by a user between the installation ofthe image forming apparatus and the change of the administrator passwordby viewing the displayed operation history information 51.

For example, by viewing the operation history information 51 such asshown in FIG. 3 and checking the details of the operations, theadministrator can find in history number 3 that the “faxing operation”being a prohibited operation was performed by the user 01.

Thus, if a prohibited operation performed by a user is found, theadministrator can consider necessary countermeasures and take anappropriate action on the user who performed the prohibited operation.

In a case where prohibited operations set by the administrator areprestored in the storage 50, the log presenter 25 may automaticallycheck whether or not the operation history information 51 includes anyprohibited operation when presenting the operation history information51 and display, if the operation history information 51 includes aprohibited operation, information indicating that the prohibitedoperation was performed together with the operation history information51.

Alternatively, the log presenter 25 may highlight the row of historynumber 3 involving the prohibited operation or display the row ofhistory number 3 in a different color from rows of the other historynumbers.

This enables the administrator to easily and reliably recognize theoccurrence of the prohibited operation.

Embodiment 3

As Embodiment 3, a case is described where an illegitimate userimpersonating the legitimate administrator logs into the image formingapparatus using the initial password KPW0 being the administratorpassword and performs an operation related to a specific administratorsetting.

In this case, the illegitimate user can use the image forming apparatusfor illegitimate purposes, but the legitimate administrator can find outthe occurrence of the illegitimate use later and considercountermeasures.

Operation 01:

As in the case of Embodiment 1, an installation technician of the imageforming apparatus installs the image forming apparatus and performs aninitial setting operation accompanying the installation.

At this point, the administrator password is still the preset initialpassword KPW0, and the changed password KPW1 is also the preset initialpassword KPW0.

The installation technician can log into the image forming apparatususing, for example, the known initial password KPW0 and perform theinitial setting operation accompanying the installation.

This initial setting operation is stored as an “operation 01” by beingadded to the operation history information 51.

Operation 02:

An illegitimate user, who is not the administrator of the image formingapparatus, performs an operation for logging into the image formingapparatus using the initial password KPW0 before the administratorpassword is changed.

This login operation performed by the illegitimate user is stored as an“operation 02” by being added to the operation history information 51.

This login operation itself is the same as an operation to be performedby the legitimate administrator, and is therefore added to the operationhistory information 51 as a legitimate login operation.

Operation 03:

After the login, the illegitimate user performs an operation related toan administrator setting.

For example, the illegitimate user performs an operation “displayingregistered user list” under the administrator setting.

For another example, the illegitimate user can perform an operation“scan transmission” to be performed by a user.

This administrator setting-related operation performed by theillegitimate user is stored as an “operation 03” by being added to theoperation history information 51.

This operation is also the same as an operation to be performed by thelegitimate administrator or a legitimate user, and is therefore added tothe operation history information 51 as a legitimate operation.

Operation 04:

The legitimate administrator of the image forming apparatus performs anoperation for changing the administrator password.

For example, as shown in FIG. 8, the administrator enters a new passworddiffering from the initial password KPW0. The entered new password isstored as the changed password KPW1.

This operation for changing the administrator password is stored as an“operation 04” by being added to the operation history information 51.

Action of the Image Forming Apparatus:

Since the administrator password has been changed through the operation04, the operation history information 51 is presented as in step S58 inFIG. 12.

The operation history information 51 now includes at least the fouroperations described above (operations 01 to 04), and thus these fouroperations are displayed.

The legitimate administrator of the image forming apparatus checksoperations and functions inputted and executed between the installationof the image forming apparatus and the change of the administratorpassword by viewing the displayed operation history information 51.

For example, the legitimate administrator recognizes the login operationstored as the operation 02 and the operation “displaying registered userlist” stored as the operation 03 to be operations that the legitimateadministrator did not perform. In this case, the legitimateadministrator can determine that these operations may be illegitimateoperations performed by an illegitimate user.

If no illegitimate operation is found, the legitimate administrator doesnot need to take any special action.

If the legitimate administrator determines that an illegitimateoperation may have been performed, the legitimate administrator cananalyze the illegitimate operation and consider necessarycountermeasures.

For example, based on the fact that the operation “displaying registereduser list” was performed, the legitimate administrator recognizes thepossibility of leakage of personal information of registered users andinvestigates the leakage of personal information of the users.

Embodiment 4

As Embodiment 4, a case is described where an illegitimate userimpersonating the legitimate administrator changes the administratorpassword from the initial password KPW0 to a different password, andthen performs an operation related to a specific administrator setting.

In this case, the illegitimate user can use the image forming apparatusfor illegitimate purposes, but the legitimate administrator can find outthe occurrence of the illegitimate use later, and considercountermeasures.

Operation 01:

As in the case of Embodiment 1, an installation technician of the imageforming apparatus installs the image forming apparatus and performs aninitial setting operation accompanying the installation.

At this point, the administrator password is still the preset initialpassword KPW0, and the changed password KPW1 is also the preset initialpassword KPW0.

The installation technician can log into the image forming apparatususing, for example, the known initial password KPW0 and perform theinitial setting operation accompanying the installation.

This initial setting operation is stored as an “operation 01” by beingadded to the operation history information 51.

Operation 02:

An illegitimate user, who is not the administrator of the image formingapparatus, performs an operation for logging into the image formingapparatus using the initial password KPW0 before the administratorpassword is changed.

This login operation performed by the illegitimate user is stored as an“operation 02” by being added to the operation history information 51.

This login operation itself is the same as an operation to be performedby the legitimate administrator, and is therefore added to the operationhistory information 51 as a legitimate login operation.

Operation 03:

The illegitimate user performs an operation for changing theadministrator password.

For example, as shown in FIG. 8, the illegitimate user enters a newpassword differing from the initial password KPW0. The entered newpassword is stored as the changed password KPW1.

This operation for changing the administrator password is stored as an“operation 03” by being added to the operation history information 51.

This operation itself for changing the password is the same as anoperation to be performed by the legitimate administrator, and istherefore added to the operation history information 51 as a legitimateoperation.

Operation 04:

After the login, the illegitimate user performs an operation related toan administrator setting.

For example, the illegitimate user performs an operation “displayingregistered user list” under the administrator setting.

This administrator setting-related operation performed by theillegitimate user is stored as an “operation 04” by being added to theoperation history information 51.

This operation is also the same as an operation to be performed by thelegitimate administrator or a legitimate user, and is therefore added tothe operation history information 51 as a legitimate operation.

Operation 05:

The legitimate administrator of the image forming apparatus performs anoperation for logging into the image forming apparatus using theadministrator password.

The legitimate administrator does not know about the operation 03 andtherefore assumes that the current administrator password is still theinitial password KPW0. Accordingly, the legitimate administratorperforms the operation for logging into the image forming apparatus byentering the initial password KPW0.

However, the administrator password has already been changed through theoperation 03, and a password differing from the initial password KPW0has been set as the changed password KPW1.

The administrator authentication therefore ends up being unsuccessful asa result of the legitimate administrator entering, as the input passwordINPW, the initial password KPW0 differing from the changed passwordKPW1.

Action of the Image Forming Apparatus:

If the administrator authentication is unsuccessful, for example, anadministrator password mismatch warning screen such as shown in FIG. 9is displayed.

The legitimate administrator would fail in the administratorauthentication if the legitimate administrator performs an operation forlogging into the image forming apparatus again by entering the initialpassword KPW0.

The legitimate administrator who sees the unsuccessful administratorauthentication can determine that an illegitimate user may have loggedinto the image forming apparatus and changed the administrator password,as a result of failing in the administrator authentication with theinitial password KPW0 despite the fact that the legitimate administratorhas never changed the administrator password.

In this case, the legitimate administrator cannot log into the imageforming apparatus or display and check the operation history information51, but can determine that an illegitimate operation may have beenperformed and consider necessary countermeasures based on the situationin which the legitimate administrator cannot log in.

The legitimate administrator may, for example, take actions and measuressuch as resetting the image forming apparatus to factory settings,resetting the administrator password to an initial setting (changing thechanged password KPW1 back to the initial password KPW0), or getting intouch with a vendor of the image forming apparatus.

What is claimed is:
 1. An information processing device comprising: anoperation processor; a storage in which an initial password being aninitial setting of an administrator password is prestored; a logger thatlogs details of operations inputted using the operation processor, inthe storage as operation history information; a password entry monitorthat confirms whether or not the administrator password has beenentered; a password changer that changes, upon the password entrymonitor confirming that a password differing from the initial passwordhas been entered, the administrator password and stores the enteredpassword as a new administrator password; and a log presenter thatpresents the operation history information when the password changer haschanged the administrator password.
 2. The information processing deviceaccording to claim 1, wherein at least an executant, a date, and detailsof an operation are stored in association with one another as theoperation history information stored in the storage.
 3. The informationprocessing device according to claim 1, wherein the logger logs detailsof operations inputted using the operation processor after theinformation processing device is started for the first time until theadministrator password has been changed from the initial password to adifferent password, in the storage as the operation history information.4. The information processing device according to claim 1, furthercomprising a display, wherein a password change request screen forrequesting that the administrator password be changed is displayed onthe display in a situation in which the administrator password isunchanged and is still the initial password when the informationprocessing device is started.
 5. The information processing deviceaccording to claim 1, further comprising: a display; and a passwordauthenticator that authenticates the administrator password entered,wherein after an administrator information setting screen for settinginformation related to an administrator including the administratorpassword is displayed on the display if the password authenticatorconfirms that the entered administrator password and the initialpassword match while the administrator password is unchanged and isstill the initial password, once the administrator password has beenchanged through the operation processor, the resulting administratorpassword is stored in the storage as a changed password, and the changedpassword is used for authentication of the administrator password to beperformed by the password authenticator.
 6. The information processingdevice according to claim 1, further comprising a display that displaysinformation, wherein the log presenter displays the operation historyinformation on the display.
 7. The information processing deviceaccording to claim 1, further comprising an image outputter that printsinformation, wherein the log presenter prints out the operation historyinformation on printing paper using the image outputter.
 8. Theinformation processing device according to claim 1, further comprising acommunicator that communicates information via a network, wherein thelog presenter transmits the operation history information to anotherinformation processing device using the communicator via the network. 9.A method for managing history information of an information processingdevice, the information processing device including an operationprocessor through which a user of the information processing deviceinputs information and a storage in which an initial password being aninitial setting of an administrator password is prestored, the methodcomprising: logging details of operations inputted using the operationprocessor, in the storage as operation history information; confirmingwhether or not the administrator password has been entered; changing,upon a confirmation that a password differing from the initial passwordhas been entered, the administrator password and storing the enteredpassword as a new administrator password; and presenting the operationhistory information when the administrator password has been changed.